Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
HorrorKrabs.zip
-
Size
12.5MB
-
Sample
250328-a9rzdaslz3
-
MD5
b075e5820bd51ea1edc114d8643dbecb
-
SHA1
6a88b93c174423486fad95346dd4c6f9958ed2d6
-
SHA256
216f31c18146824ec864ce1cd25980075831e6194e8fc8995554239a3070f62f
-
SHA512
798eda968adb4eade2cf58c967200587a163b9b0e3a650d37e3b1424b721734f01f820ee22c10b906c084fe78c73c8e19bc610562b80fe127bacdbc8d3c21f0a
-
SSDEEP
393216:l1Vj4dlFp2niHiXkgCSqCl8Gri0+CPTKqR/:l1Vj4dlP49eODeNGh
Malware Config
Targets
-
-
Target
HorrorKrabs.zip
-
Size
12.5MB
-
MD5
b075e5820bd51ea1edc114d8643dbecb
-
SHA1
6a88b93c174423486fad95346dd4c6f9958ed2d6
-
SHA256
216f31c18146824ec864ce1cd25980075831e6194e8fc8995554239a3070f62f
-
SHA512
798eda968adb4eade2cf58c967200587a163b9b0e3a650d37e3b1424b721734f01f820ee22c10b906c084fe78c73c8e19bc610562b80fe127bacdbc8d3c21f0a
-
SSDEEP
393216:l1Vj4dlFp2niHiXkgCSqCl8Gri0+CPTKqR/:l1Vj4dlP49eODeNGh
Score6/10-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
HorrorKrabs.exe
-
Size
31.1MB
-
MD5
a9ac58e28c018a526115108405f24c39
-
SHA1
a3e171ebb50717056d4f66507347e2fc4a812849
-
SHA256
d1229f89eccd5a1a3b19432deac06425c33564cf373564abbec0e5c8cfbd562e
-
SHA512
48e96bc307ab6beb2c84ca507a89b84cd5e146421e33ff7af9aa9086a96f806fe9b8d65dc9a5e54c18f1e9427c74255f943bea1868f39b66960741897302e0f2
-
SSDEEP
196608:/Bq8XWmsNIy3QT2bAx6gHux8fP1FdA29xTxVIVXAUPL7VsPBMHvUDJNkyhtTT0o5:NNsqEd9sf/llE/0NDkyhf5
Score10/10-
Modifies Windows Defender DisableAntiSpyware settings
-
UAC bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
2Modify Registry
5